ITdiamond asked:

cannot access exchange 2013 web management

This is a fresh installation of Exchange 2013 Cu5 on Server 2008 R2.  All prereqs were met prior to the installation.  I downloaded the latest installer for Exchange 2013 which is CU5 directly from Microsoft.  AD was prepped properly beforehand.

We have Exchange 2007 running without issues, but ultimately want to migrate to Exchange 2013.  We already have Lync 2013 and like it, so want to continue with the tradition.  We would have put it on 2012 R2 server but do not have the money for the datacenter licence for our VM infrastructure this year.

Anyway install went smoothly with no errors.  I however try to access the ecp at https://email/ecp/?ExchClientVer=15 and  it loads fine but it will not accept any username or password I use.  I added myself to the Exchange Organization Administrators group and that did not resolve the issue.  Our admin account is also in that group and cannot log in.  However it is talking to AD because I can blow the password incorrectly on purpose a few times and the account WILL lock out.  I created a NEW account called exchadmin and added him to the Exch Organization Administrators, and that account will not log in either.  I thought maybe they have to have a mailbox on the NEW server (as opposed to old)... so on the NEW server I ran in PS enable-mailbox exchadmin.  I can see the mailbox is enabled.  Still can't sign into the EAC with this user account.

I tried rebuilding the EAC with these commands
Remove-EcpVirtualDirectory -Identity "email\ecp (default web site)"

New-EcpVirtualDirectory -Server email -externalURL https://email.domain.com/ecp -InternalURL https://email.domain.com/ecp

Name                                                        Server
----                                                        ------
ecp (Default Web Site)                                      EMAIL


Get-ECPVirtualDirectory | Format-List Name,InternalURL,ExternalURL

Name        : ecp (Default Web Site)
InternalUrl : https://email.domain.com/ecp
ExternalUrl : https://email.domain.com/ecp


I also tried iisreset, and also a reboot since none of those above actions worked.

Please help!
basil2912

Hello, check (for another account AD inheritance) and inheritance using ADSIEDIT - configuration partition.

Should be something fishy on the AD side.
Gareth Gudger
Exchange Organization Administrators

This is the 2007 group. You need to add yourself to the Organization Management group.

Not sure if that is just a typo in the post but the URL should be:
https://mail.contoso.com/ecp?ExchClientVer15
ITdiamond (ASKER)

Thank you, It still does not let me in.  The screen flashes and then the password disappears.

I created a special account in AD called exchadmin.  They are a member of:
Domain Admins
Domain Users
Enterprise Admins
Organization Management
Schema Admins

Now when I format the URL as you posted,  Exchange Admin Center comes up and it says Domain\user name in the first field.  Am I typing the short name of DOMAIN\username or DOMAIN.COM\username, or can I do username@domain.com?  I tried all these combinations and it's the same end result.  But if it worked correctly which way should I enter it?

I tried this on the server itself using IE11 with IE ESC disabled, and I tried on my workstation with IE11 and Google Chrome.  Same net result either way.  Powershell connects without a problem.  Services are all running.  Things appear to be running normally, I just cannot get into this EAC.
Hello,

domain\user should be the right one.
Now when I format the URL as you posted,  Exchange Admin Center comes up and it says Domain\user name in the first field.  Am I typing the short name of DOMAIN\username or DOMAIN.COM\username, or can I do username@domain.com?  I tried all these combinations and it's the same end result.  But if it worked correctly which way should I enter it?

I always use DOMAIN\username to log into ECP.

I tried this on the server itself using IE11 with IE ESC disabled, and I tried on my workstation with IE11 and Google Chrome.  Same net result either way.  Powershell connects without a problem.  Services are all running.  Things appear to be running normally, I just cannot get into this EAC.

And it still just reports bad username and password?
Are all Exchange Services started?

Also, run this command from EMS. Just to make sure Exchange is seeing the right DCs.
Get-ExchangeServer -Status | fl *current*,*static*

On the DC that this command returns, try running DCDIAG /v to see if the DC is having any problems. I am wondering if you are having replication issues.
Can you post the output from

Get-EcpVirtualDirectory | select *AuthenticationMethods, DefaultDomain, AdminEnabled,FormsAuthentication

Get-OWAVirtualDirectory | select *AuthenticationMethods, DefaultDomain, OwaVersion,FormsAuthentication
Ok mail is the Exchange 2007 server but here is the output of the first request.  It is not seeing another DC but that is at another site, so I'm not sure if it just looks at the site it's in or not.

Get-ExchangeServer -Status | fl *current*,*static*
WARNING: An error occurred while accessing the registry on the server "mail.domain.com". The error that occurred is:
 "The network path was not found.
".


CurrentDomainControllers        : {D2.domain.com, DC1.domain.com}
CurrentGlobalCatalogs           : {D2.domain.com, DC1.domain.com}
CurrentConfigDomainController   : D2.domain.com
StaticDomainControllers         : {}
StaticGlobalCatalogs            : {}
StaticConfigDomainController    :
StaticExcludedDomainControllers : {}

CurrentDomainControllers        : {DC1.domain.com, D2.domain.com}
CurrentGlobalCatalogs           : {DC1.domain.com, D2.domain.com}
CurrentConfigDomainController   : D2.domain.com
StaticDomainControllers         : {}
StaticGlobalCatalogs            : {}
StaticConfigDomainController    :
StaticExcludedDomainControllers : {}

Next requests:
Get-EcpVirtualDirectory | select *AuthenticationMethods, DefaultDomain, AdminEnabled,FormsAuthentication


InternalAuthenticationMethods : {Basic, Fba}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
AdminEnabled                  : True
FormsAuthentication           : True

Get-OWAVirtualDirectory | select *AuthenticationMethods, DefaultDomain, OwaVersion,FormsAuthentication


InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
OwaVersion                    : Exchange2003or2000
FormsAuthentication           : False

InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
OwaVersion                    : Exchange2003or2000
FormsAuthentication           : False

InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
OwaVersion                    : Exchange2003or2000
FormsAuthentication           : False

InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
OwaVersion                    : Exchange2003or2000
FormsAuthentication           : False

InternalAuthenticationMethods : {Basic, Fba}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 : domain.com
OwaVersion                    : Exchange2007
FormsAuthentication           : True

InternalAuthenticationMethods : {Basic, Fba}
ExternalAuthenticationMethods : {Fba}
DefaultDomain                 :
OwaVersion                    : Exchange2013
FormsAuthentication           : True
Is it right, that you have
2 domain controllers
5 Exchange Server 2007
1 Exchange Server 2013

What is the output of Test-EcpConnectivity
Do you have a legacy URL in place?
mail.domain.com is pointing to the 2007?

Relating to your last post... You have multiple sites, but the Exchange servers are all in one site?
If you take a look at the following output, does this correspond to the "reality"?

Get-ExchangeServer | select AdminDisplayVersion,Site,ServerRole

Can you run nltest /dsgetsite in CMD.exe from the Exchange servers and domain controllers? Are the outputs correct?


EDIT: On the EAC, you need to enter DOMAIN\username to get in.
We have 3 domain controllers
2 in site "Pottstown".  1 in site "Wyomissing"
1 Exchange Server 2007 called mail
1 Exchange Server 2013 called email

Output of Test-EcpConnectivity (not so good)
WARNING: Test user 'extest_3b66904511cf4' isn't accessible, so this cmdlet won't be able to test Client Access server
connectivity.
Could not find or sign in with user domain.com\extest_3b66904511cf4. If this task is being run without credentials,
sign in as a Domain Administrator, and then run Scripts\new-TestCasConnectivityUser.ps1 to verify that the user exists
on Mailbox server EMAIL.domain.com
    + CategoryInfo          : ObjectNotFound: (:) [Test-EcpConnectivity], CasHealthCouldN...edInfoException
    + FullyQualifiedErrorId : [Server=EMAIL,RequestId=cfd3920f-cf52-4e31-87c1-9ff14e7981b4,TimeStamp=7/8/2014 8:08:17
   PM] [FailureCategory=Cmdlet-CasHealthCouldNotLogUserNoDetailedInfoException] A5AA2A62,Microsoft.Exchange.Monitorin
  g.TestEcpConnectivity
    + PSComputerName        : email.domain.com

WARNING: No Client Access servers were tested.

No "legacy" URL in place, just using mail.domain.com for the old and email.domain.com for the new.  Don't want to be disruptive to the environment.  I could create a new A record in DNS if that's needed.

mail.domain.com is in fact pointing to 2007.
The https://email.domain.com/ecp?ExchClientVer15 loads, but when you enter a username and password, it just blinks when you sign in.  The only feedback you get is if the password is wrong.  If the password is correct, it just blinks.

This output is also correct:
Get-ExchangeServer | select AdminDisplayVersion,Site,ServerRole

AdminDisplayVersion                     Site                                                                 ServerRole
-------------------                     ----                                                                 ----------
Version 8.3 (Build 83.6)                domain.com/Configuration/Sites/Po...     Mailbox, ClientAccess, HubTransport
Version 15.0 (Build 913.22)             domain.com/Configuration/Sites/Po...                   Mailbox, ClientAccess

nltest /dsgetsite
DC1 shows "Pottstown" this is correct. - DC
D2 shows "Pottstown" this is correct. - DC
mail shows "Pottstown" this is correct - Exch 2007
email shows "Pottstown" this is correct. - Exch 2013
dcwyo shows "Wyomissing" this is correct. - DC at DR site
SOLUTION
yaench

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ok output of the first thing looks like there could be an issue there, though the error column is truncated...

new-TestCasConnectivityUser.ps1
Please enter a temporary secure password for creating test users. For security purposes, the password will be changed regularly and automatically by the system.
Enter password: *************
Create test user on: EMAIL.domain.com
Click CTRL+Break to quit or click Enter to continue.:
UserPrincipalName: extest_3b66904511cf4@domain.com
WARNING: Please update UseDatabaseQuotaDefaults to false in order for mailbox quotas to apply.
WARNING: The command completed successfully but no settings of 'domain.com/Users/extest_3b66904511cf4' have been
modified.

You can enable the test user for Unified Messaging by running this command with the following optional parameters : [-UM
DialPlan <dialplanname> -UMExtension <numDigitsInDialplan>] . Either None or Both must be present.

Test-EcpConnectivity
WARNING: The test couldn't test the internal URL of this virtual directory, because the InternalURL property isn't set.

CasServer  LocalSite     Scenario        Result  Latency(MS) Error
---------  ---------     --------        ------  ----------- -----
EMAIL      Pottstown     Logon           Skipped             The test couldn't tes...
EMAIL      Pottstown     Sign in         Failure             The test failed to es...


Get-ExchangeCertificate

Thumbprint                                Services   Subject
----------                                --------   -------
51E4059B15DF8CE5D2D23CF9BCF762C44DEA0B2E  ....S..    CN=Microsoft Exchange Server Auth Certificate
4BDC836CDD07A11F212A5AF308192BE6581E9322  IP..S..    CN=email
8408631AF074EBD6349CE8CE46008EA46B5006B1  .......    CN=WMSvc-EMAIL
A8440B7CD2BAF7920EE76028B2EB12E844189855  IP.WS..    CN=EMAIL.domain.com


For the IIS Binding config
My screen looks similar to yours.  The SSL certificate is email.domain.com and the thumbprint looks like it matches the last one above A8440b7c...
Oh just in case you might ask, because that output of Test-EcpConnectivity....

Here is the output of get-ecpvirtualdirectory | fl name, internalurl, externalurl

Name        : ecp (Default Web Site)
InternalUrl : https://email.domain.com/ecp
ExternalUrl : https://email.domain.com/ecp
Thank you!
So, it's quite late here in Switzerland, I have to leave for today (UTC+1 ;-)).

With the information I have, it seems that there is something wrong with the ecp directories.
Next steps could be
get-clientaccessserver | get-ecpvirtualdirectory | ft name,AdminDispl*, *url
And only to be sure; is the ClientAccess Role on the Exchange 2013 installed?
Well I will give you this for now, but yes I have to head out as well.  I will try to review that support kb tomorrow.  ClientAccess Role is installed because when I run Exchange 2013 CU5 setup again, I see that it is installed.

get-clientaccessserver | get-ecpvirtualdirectory | ft name,AdminDispl*,*url

Name                    AdminDisplayVersion     AdminDisplayName        InternalUrl             ExternalUrl
----                    -------------------     ----------------        -----------             -----------
ecp (Default Web Site)  Version 15.0 (Build ...                         https://email.domain... https://email.domain...
Well I had a few minutes to try that

Set-EcpVirtualDirectory -Identity "email\ecp (Exchange Back End)" -WindowsAuthentication $true -FormsAuthentication $false

The operation on virtual directory "EMAIL\ecp (Exchange Back End)" failed because it's out of the current user's write
scope. Unable to perform the save operation. 'EMAIL\ecp (Exchange Back End)' is not within a valid server write scope.
    + CategoryInfo          : InvalidOperation: (EMAIL\ecp (Exchange Back End):ADObjectId) [Set-EcpVirtualDirectory],
   InvalidOperationException
    + FullyQualifiedErrorId : [Server=EMAIL,RequestId=28a584ff-dbca-4b2e-aa60-eaf404edd564,TimeStamp=7/8/2014 10:13:48
    PM] [FailureCategory=Cmdlet-InvalidOperationException] 8419B52C,Microsoft.Exchange.Management.SystemConfiguration
  Tasks.SetEcpVirtualDirectory
    + PSComputerName        : email.domain.com

I ran PS as an admin and I'm logged into the system as an admin.  I don't know why this is failing.
SOLUTION
This solution is only available to members.
Can you please post the output of

Get-ManagementRoleAssignment -GetEffectiveUsers | Where { $_.EffectiveUserName -Eq "YourAdminUserName" } | Format-Table EffectiveUserName, Role, CustomRecipientWriteScope, CustomConfigWriteScope


Ok here is the output of that command:

Get-ManagementRoleAssignment -GetEffectiveUsers | Where { $_.EffectiveUserName -Eq "ExchAdmin"
} | Format-Table EffectiveUserName, Role, CustomRecipientWriteScope, CustomConfigWriteScope


EffectiveUserName             Role                          CustomRecipientWriteScope     CustomConfigWriteScope
-----------------             ----                          -------------------------     ----------------------
ExchAdmin                     Active Directory Permissions
ExchAdmin                     Active Directory Permissions
ExchAdmin                     Address Lists
ExchAdmin                     Address Lists
ExchAdmin                     ApplicationImpersonation
ExchAdmin                     ArchiveApplication
ExchAdmin                     Audit Logs
ExchAdmin                     Audit Logs
ExchAdmin                     Cmdlet Extension Agents
ExchAdmin                     Cmdlet Extension Agents
ExchAdmin                     Data Loss Prevention
ExchAdmin                     Data Loss Prevention
ExchAdmin                     Database Availability Groups
ExchAdmin                     Database Availability Groups
ExchAdmin                     Database Copies
ExchAdmin                     Database Copies
ExchAdmin                     Databases
ExchAdmin                     Databases
ExchAdmin                     Disaster Recovery
ExchAdmin                     Disaster Recovery
ExchAdmin                     Distribution Groups
ExchAdmin                     Distribution Groups
ExchAdmin                     Edge Subscriptions
ExchAdmin                     Edge Subscriptions
ExchAdmin                     E-Mail Address Policies
ExchAdmin                     E-Mail Address Policies
ExchAdmin                     Exchange Connectors
ExchAdmin                     Exchange Connectors
ExchAdmin                     ExchangeCrossServiceIntegr...
ExchAdmin                     Exchange Server Certificates
ExchAdmin                     Exchange Server Certificates
ExchAdmin                     Exchange Servers
ExchAdmin                     Exchange Servers
ExchAdmin                     Exchange Virtual Directories
ExchAdmin                     Exchange Virtual Directories
ExchAdmin                     Federated Sharing
ExchAdmin                     Federated Sharing
ExchAdmin                     Information Rights Management
ExchAdmin                     Information Rights Management
ExchAdmin                     Journaling
ExchAdmin                     Journaling
ExchAdmin                     Legal Hold
ExchAdmin                     Legal Hold
ExchAdmin                     LegalHoldApplication
ExchAdmin                     Mail Enabled Public Folders
ExchAdmin                     Mail Enabled Public Folders
ExchAdmin                     Mail Recipient Creation
ExchAdmin                     Mail Recipient Creation
ExchAdmin                     Mail Recipients
ExchAdmin                     Mail Recipients
ExchAdmin                     Mail Tips
ExchAdmin                     Mail Tips
ExchAdmin                     Mailbox Import Export
ExchAdmin                     Mailbox Search
ExchAdmin                     MailboxSearchApplication
ExchAdmin                     Message Tracking
ExchAdmin                     Message Tracking
ExchAdmin                     Migration
ExchAdmin                     Migration
ExchAdmin                     Monitoring
ExchAdmin                     Monitoring
ExchAdmin                     Move Mailboxes
ExchAdmin                     Move Mailboxes
ExchAdmin                     OfficeExtensionApplication
ExchAdmin                     Org Custom Apps
ExchAdmin                     Org Custom Apps
ExchAdmin                     Org Marketplace Apps
ExchAdmin                     Org Marketplace Apps
ExchAdmin                     Organization Client Access
ExchAdmin                     Organization Client Access
ExchAdmin                     Organization Configuration
ExchAdmin                     Organization Configuration
ExchAdmin                     Organization Transport Set...
ExchAdmin                     Organization Transport Set...
ExchAdmin                     POP3 And IMAP4 Protocols
ExchAdmin                     POP3 And IMAP4 Protocols
ExchAdmin                     Public Folders
ExchAdmin                     Public Folders
ExchAdmin                     Receive Connectors
ExchAdmin                     Receive Connectors
ExchAdmin                     Recipient Policies
ExchAdmin                     Recipient Policies
ExchAdmin                     Remote and Accepted Domains
ExchAdmin                     Remote and Accepted Domains
ExchAdmin                     Reset Password
ExchAdmin                     Retention Management
ExchAdmin                     Retention Management
ExchAdmin                     Role Management
ExchAdmin                     Role Management
ExchAdmin                     Security Group Creation an...
ExchAdmin                     Security Group Creation an...
ExchAdmin                     Send Connectors
ExchAdmin                     Send Connectors
ExchAdmin                     Support Diagnostics
ExchAdmin                     TeamMailboxLifecycleApplic...
ExchAdmin                     Team Mailboxes
ExchAdmin                     Team Mailboxes
ExchAdmin                     Transport Agents
ExchAdmin                     Transport Agents
ExchAdmin                     Transport Hygiene
ExchAdmin                     Transport Hygiene
ExchAdmin                     Transport Queues
ExchAdmin                     Transport Queues
ExchAdmin                     Transport Rules
ExchAdmin                     Transport Rules
ExchAdmin                     UM Mailboxes
ExchAdmin                     UM Mailboxes
ExchAdmin                     UM Prompts
ExchAdmin                     UM Prompts
ExchAdmin                     UnScoped Role Management
ExchAdmin                     Unified Messaging
ExchAdmin                     Unified Messaging
ExchAdmin                     UserApplication
ExchAdmin                     User Options
ExchAdmin                     User Options
ExchAdmin                     View-Only Audit Logs
ExchAdmin                     View-Only Audit Logs
ExchAdmin                     View-Only Configuration
ExchAdmin                     View-Only Configuration
ExchAdmin                     View-Only Recipients
ExchAdmin                     View-Only Recipients
ExchAdmin                     WorkloadManagement
ExchAdmin                     WorkloadManagement
ExchAdmin                     Mail Enabled Public Folders
ExchAdmin                     Public Folders
ExchAdmin                     Monitoring
ExchAdmin                     View-Only Configuration
ExchAdmin                     View-Only Recipients
ExchAdmin                     My Custom Apps
ExchAdmin                     My Marketplace Apps
ExchAdmin                     MyBaseOptions
ExchAdmin                     MyContactInformation
ExchAdmin                     MyProfileInformation
ExchAdmin                     MyRetentionPolicies
ExchAdmin                     MyTextMessaging
ExchAdmin                     MyVoiceMail
ExchAdmin                     MyDiagnostics
ExchAdmin                     MyDistributionGroupMembership
ExchAdmin                     MyDistributionGroups
ExchAdmin                     MyTeamMailboxes


I could remove and do a new ecp virtual directory, but I'm almost positive I tried that already.  Permissions screwy?  Well then that's a bug in Exchange 2013 CU5 setup because this was a virgin box.  It wasn't tampered with in any way and the default install paths were taken.
Ok tried this:

Remove-ECPVirtualDirectory -Identity "servername\ecp (default web site)"

New-ECPVirtualDirectory


Same problem exists.

Also via powershell I made sure this admin account ExchAdmin has a mailbox on the new server.  I tried logging into OWA on the new server and it does the same exact thing.  Once you click submit, the login page just reloads and the password field goes away.  IE asks if you want to store the password.  It's as if the sign in button is just doing a page refresh, or redirecting to the existing page.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Ok I got into OWA now as well.  I changed the forms authentication to not require domain\username.  I just have it require the username and I have our domain name selected.  Ran the iisreset /noforce afterwards and now that works.

https://email.domain.com/ecp/?ExchClientVer=15 just takes me right in without prompting because it seems it's using windows authentication.  That's ok.
I was able to follow the site I found after extensive online searching.  The guide worked in my example.  However two of the responders on this thread were extremely helpful in narrowing down a logical set of investigative PowerShell (and other) commands.  They deserve points for their persistence in steering me down the right path.
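
Added example, not part of the thread and not Microsoft's code: a small audit of the OWA logon settings that the last post describes changing (forms authentication, logon format, default domain). The function name `Test-VdirLogonConfig` and the sample objects are constructed for illustration; on an Exchange server, pipe `Get-OwaVirtualDirectory -Server EMAIL` into it instead of the sample.

```powershell
# Added example: report how each OWA virtual directory expects users to log on.
# Input objects need the properties Get-OwaVirtualDirectory returns:
# Identity, FormsAuthentication, LogonFormat, DefaultDomain, InternalAuthenticationMethods.
function Test-VdirLogonConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$VirtualDirectory
    )
    process {
        $v = $VirtualDirectory
        $notes = @()

        if ($v.FormsAuthentication) {
            # LogonFormat decides what the forms-based logon page accepts.
            switch ("$($v.LogonFormat)") {
                'FullDomain'    { $notes += 'Form expects DOMAIN\username.' }
                'PrincipalName' { $notes += 'Form expects user@domain (UPN).' }
                'UserName' {
                    if ([string]::IsNullOrEmpty("$($v.DefaultDomain)")) {
                        $notes += 'LogonFormat is UserName but no DefaultDomain is set to qualify a bare user name.'
                    } else {
                        $notes += "Form accepts a bare user name, qualified with '$($v.DefaultDomain)'."
                    }
                }
                default { $notes += 'LogonFormat is not set on this object.' }
            }
        } else {
            $notes += 'Forms authentication is off; the browser uses one of the listed methods instead.'
        }

        # Basic sends the password with every request, protected only by TLS.
        if (@($v.InternalAuthenticationMethods) -contains 'Basic') {
            $notes += 'Basic is enabled internally; credentials are only as protected as the TLS session.'
        }

        [pscustomobject]@{
            Identity      = $v.Identity
            Forms         = [bool]$v.FormsAuthentication
            LogonFormat   = "$($v.LogonFormat)"
            DefaultDomain = "$($v.DefaultDomain)"
            Notes         = $notes -join ' '
        }
    }
}

# Constructed sample objects (not real server output), shaped like the
# Exchange 2013 entry in the thread plus two variants of the logon format.
$sample = @(
    [pscustomobject]@{ Identity = 'EMAIL\owa (Default Web Site)'; FormsAuthentication = $true
        LogonFormat = 'FullDomain'; DefaultDomain = ''
        InternalAuthenticationMethods = @('Basic', 'Fba') },
    [pscustomobject]@{ Identity = 'EMAIL\owa (variant A)'; FormsAuthentication = $true
        LogonFormat = 'UserName'; DefaultDomain = ''
        InternalAuthenticationMethods = @('Fba') },
    [pscustomobject]@{ Identity = 'EMAIL\owa (variant B)'; FormsAuthentication = $true
        LogonFormat = 'UserName'; DefaultDomain = 'domain.com'
        InternalAuthenticationMethods = @('Fba') }
)

$sample | Test-VdirLogonConfig | Format-List
```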